On Fri, Dec 05, 2003 at 06:01:59AM -0500, John Meagher wrote: > From: "Jay Daniels" <jay@xxxxxxxxxxx> > > > Probably MS Windows worms and virus trying to spread, but I would > really > > like to know what or who is trying to connect to my ports! > > tcpdump will tell you. Or if you want a nice display, use ethereal. > But the router blocks all that before it gets to the linux box. Light flashing in internet side of router, no lights flashing on linux box. So, tcpdump nor ethereal will show anything! > > Would it be silly to scrap the hardware router/firewall in place of > > iptables and connect the dsl line directly to my nic just like the old > > days when that's all that we had available??? > > Your router is usually what converts dsl to ethernet. You need it > anyway for that. An extra firewall won't hurt you. > > > > Note: I use this server as my primary workstation. I run X and have > > even built a custom iptables script which passed all online (outside) > > test. This was before I installed the hardware (firewall router > > device). > > What kind of device connects to your dsl line? > > Explanation of current setup. Ok, the linux box connects to the router/firewall device, this device is attached to what I call a DSL modem, Paradyne. I'm not sure if the proper name is DSL "modem". What's strange about this DSL setup, there is no authentication or login! So I guess it's possible if my system was down someone could actually use my ip address - perhaps another DSL user who is with the same provider. Or, they could initiate a DoS attack and flood my system with packets and then restart their network using my ip, in essense steal my ip address! There are probably many unseen security issues with this type of DSL. Another reason I want access to the packets hitting me box. With the DSL router between the linux box and the paradyne, I can't see the traffic - the router doesn't log these packets, it just denies or blocks them. I am also concerned about using fetchmail with pop3 on this DSL connection. I want to know if other DSL users with my provider can capture my login/password when I fetchmail. > > > Other concerns: > > 783/tcp open hp-alarm-mgr # WTF? > > 6000/tcp open X11 # why is X running on port 6000? > > > are you using spamassassin? > use: > fuser -n <proto> <port> > to determine which process is using which port > > > from the iana well-known ports list: > x11 6000-6063/tcp X Window System > x11 6000-6063/udp X Window System ---end quoted text--- Spamassassin is installed. But why does x11 use any ports and can I close the port without killing X? Is it the font server, xfs? I don't care about running X apps from remote ssh, etc. jay -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
